Digital education tools are coming. There's a lot of venture capital going towards "big data" approaches to developing better teaching tools. Online classes are still working out the bugs, but presumably, digital degrees (or nano-degrees?) may provide some advantages over traditional classrooms in the future. [url]

After you've finished checking out those links, take a look at our Daily Deals for cool gadgets and other awesome stuff.

Permalink | Comments | Email This Story
]]>urls-we-dig-uphttps://www.techdirt.com/comment_rss.php?sid=20101119/02220011934Thu, 21 May 2015 01:00:05 PDTCertification: How The US Demands Even More Concessions After Trade Agreements Have Been Signed And RatifiedGlyn Moodyhttps://www.techdirt.com/articles/20150520/04064331057/certification-how-us-demands-even-more-concessions-after-trade-agreements-have-been-signed-ratified.shtml
https://www.techdirt.com/articles/20150520/04064331057/certification-how-us-demands-even-more-concessions-after-trade-agreements-have-been-signed-ratified.shtml
The battle raging over the fast track bill is essentially one about control: who gets the final say over so-called trade agreements like TPP and TAFTA/TTIP. If the US President is not given trade promotion authority, it is possible that Congress will demand changes to the negotiated text; with fast track, it will be a simple up or down vote. That's also the situation in other countries participating in the negotiations: once the text is agreed upon, they can essentially accept it or reject it. However, a group of senior politicians in five of the TPP nations point out that after those votes, the US can still demand further concessions from its partners thanks to a process known as certification:

Senior parliamentarians from five countries negotiating the Trans-Pacific Partnership (TPP) agreement have signed an open letter urging their political leaders to protect their nations’ sovereignty from the United States' process of certification.

The US withholds the final steps that are necessary to bring a trade and investment treaty into force until the other party has changed its relevant domestic laws and regulations to meet US expectations of its obligations under the agreement. In the past, US 'expectations' have gone beyond what is in the actual text, and even included matters that were rejected in negotiations.

US officials can define another country's obligations; become directly involved in drafting that country's relevant law and regulations; demand to review and approve proposed laws before they are presented to the other country's legislature; and delay certification until the US is satisfied the new laws meet its requirements.

In other words, even though other nations might think that after their agreement and ratification of the text, everything is fixed, the US reserves the right to come back and demand changes to domestic laws and regulations so as to ensure that the implementation is as it wishes. That's no mere theoretical option: it has been used against both Peru and Australia recently. In the latter case, the US was unhappy with the legislation enacting the Australia-US free trade agreement (AUSFTA), and demanded that Australia bring in a supplementary law that actually went beyond the terms of AUSFTA. Even then, the US reserved its right to take legal action if it felt that Australia had still not gone far enough.

The publication of the open letter (pdf) to the political leaders of the TPP nations is a timely reminder that however much sovereignty they might be willing to give up during the negotiations for the sake of supposed gains, the US may want even more concessions -- without, of course, granting other countries the same prerogative.

Permalink | Comments | Email This Story
]]>enough-is-never-enoughhttps://www.techdirt.com/comment_rss.php?sid=20150520/04064331057Mon, 17 Nov 2014 13:17:48 PSTTRUSTe Pays Up $200k To Settle Charges Of 'Deceiving Consumers' Over Its Certification Of SitesMike Masnickhttps://www.techdirt.com/articles/20141117/11163129172/truste-pays-up-200k-to-settle-charges-deceiving-consumers-over-its-certification-sites.shtml
https://www.techdirt.com/articles/20141117/11163129172/truste-pays-up-200k-to-settle-charges-deceiving-consumers-over-its-certification-sites.shtmlagreed to pay the FTC $200,000 and change its representations about how it goes about certifying various sites. In particular, the FTC claims that TRUSTe did not review sites frequently enough. Separately, there were some shenanigans over the fact that TRUSTe switched from being a non-profit to a for-profit operation in 2008, but let users of the seal still tell people that TRUSTe was some sort of non-profit (as many in the public have believed).

The FTC’s complaint alleges that from 2006 until January 2013, TRUSTe failed to conduct annual recertifications of companies holding TRUSTe privacy seals in over 1,000 incidences, despite providing information on its website that companies holding TRUSTe Certified Privacy Seals receive recertification every year.

In addition, the FTC’s complaint alleges that since TRUSTe became a for-profit corporation in 2008, the company has failed to require companies using TRUSTe seals to update references to the organization’s non-profit status. Before converting from a non-profit to a for-profit, TRUSTe provided clients model language describing TRUSTe as a non-profit for use in their privacy policies.

The proposed order announced today will help ensure that TRUSTe maintains a high standard of consumer protection going forward. Under the terms of its settlement with the FTC, TRUSTe will be prohibited from making misrepresentations about its certification process or timeline, as well as being barred from misrepresenting its corporate status or whether an entity participates in its program. In addition, TRUSTe must not provide other companies or entities the means to make misrepresentations about these facts, such as through incorrect or inaccurate model language.

There is an interesting partial dissent from FTC Commissioner Maureen Ohlhausen, effectively challenging the issue with other websites still saying TRUSTe is a non-profit. While the issue is that TRUSTe was recertifying these websites, and thus should have said that they had to make the certification clear, Ohlhausen points out that it's wrong to blame TRUSTe for statements made by other sites and not by TRUSTe itself.

Unlike Shell and Magui Publishers, the statement that TRUSTe provided to its clients
was indisputably truthful at the time. During the period in which TRUSTe required client
privacy policies to state that TRUSTe was a non-profit, TRUSTe was, in fact, a non-profit. Once
TRUSTe changed to for-profit status, it no longer required clients to state its non-profit status
and actively encouraged clients to correct their privacy policies. TRUSTe did not pass to clients
any false or misleading representations regarding its for-profit status. Nor was TRUSTe’s
recertification of websites a misrepresentation of TRUSTe’s non-profit status to its clients;
during recertification TRUSTe again clearly communicated its for-profit status to clients by
requesting that its clients update their privacy policies. Because TRUSTe accurately represented
its non-profit status to its clients, TRUSTe cannot be primarily liable for deceiving consumers
under a means and instrumentalities theory.

This argument makes a lot of sense, and as someone concerned about secondary liability in a variety of places, it does seem wrong for the FTC to hold TRUSTe responsible for the conduct of third party sites, even as it was recertifying them. Either way, this settlement is a good reminder that just because there's a "trusted" certification on a site, it doesn't always mean the site is trustworthy...

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Permalink | Comments | Email This Story
]]>urls-we-dig-uphttps://www.techdirt.com/comment_rss.php?sid=20110801/03512515341Mon, 30 Sep 2013 17:00:00 PDTDailyDirt: Who Cares if You Went To A Good School?Michael Hohttps://www.techdirt.com/articles/20110720/15405415181/dailydirt-who-cares-if-you-went-to-good-school.shtml
https://www.techdirt.com/articles/20110720/15405415181/dailydirt-who-cares-if-you-went-to-good-school.shtml

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Permalink | Comments | Email This Story
]]>urls-we-dig-uphttps://www.techdirt.com/comment_rss.php?sid=20101123/16271911995Fri, 19 Oct 2012 11:37:00 PDTWindows 8's Arbitrary App Certification Rules Could Block Skyrim And Other Huge GamesZachary Knighthttps://www.techdirt.com/articles/20121018/08270420750/windows-8s-arbitrary-app-certification-rules-could-block-skyrim-other-huge-games.shtml
https://www.techdirt.com/articles/20121018/08270420750/windows-8s-arbitrary-app-certification-rules-could-block-skyrim-other-huge-games.shtmlaccepting Windows 8 as a viable gaming platform. The primary concern is with Microsoft's insistence on walling off its Metro UI and accompanying Windows Store. When a distribution system is walled off, new restrictions come along that limit the type of content that can be made available. As application and game developers learn more about the restrictions Microsoft plans to implement, their concern is growing.

Take for instance the recent discovery that Microsoft plans to limit the games made available through its Windows Store and Metro UI. In a broader piece on what a closed Windows 8 platform means for developers, Casey Muratori highlights one of the strict and ultimately contradictory restrictions on game content. Using the 2011 Game of the Year, Skyrim, as a hypothetical Windows 8 candidate, Casey asks the question, would it be allowed on the Windows store and Metro UI.

Because no software can ship on this future platform without it going through the Windows Store, the team that built Skyrim would have to send it to Microsoft for certification. Then Microsoft would tell them if they could ship it.

"Your app must not contain adult content, and metadata must be appropriate for everyone. Apps with a rating over PEGI 16, ESRB MATURE, or that contain content that would warrant such a rating, are not allowed."

And that's the end of it. No Skyrim for the Windows Store, unless of course the developers go back and remove all the PEGI 18-rated content.

Unfortunately, Casey does not highlight the contradictory nature of this arbitrary rule -- what if a game has both an M rating by the ESRB and an 18 rating by PEGI, as Skyrim does. What will Microsoft do? Will it block the game entirely, region-restrict it to only ESRB regions or make an exception to its own rule and allow it for all the world? These are the kinds of questions that frustrate developers. Apple has had its fair share of arbitrary enforcement of content restrictions and you would think that Microsoft would at least attempt to learn from that example.

To further highlight the problem with this restriction, Casey lists four games that are in competition to be 2012's Game of the Year. Of those four games, none would be allowed on Windows 8 for the same reason, they got an ESRB M rating and a PEGI 18 rating. Microsoft has set itself up to exclude some of the best selling games of the future. Hardly a way to attract the support of developers.

Permalink | Comments | Email This Story
]]>arbitrary-guidelines-are-the-besthttps://www.techdirt.com/comment_rss.php?sid=20121018/08270420750Tue, 22 Jun 2010 14:48:58 PDTUS Copyright Group Willing To Reveal The Tech It Uses To Identify File Sharers... Sort OfMike Masnickhttps://www.techdirt.com/articles/20100622/0037549910.shtml
https://www.techdirt.com/articles/20100622/0037549910.shtmlthousands of lawsuits on people it accuses of infringing on copyrights, in an effort not to stop infringement, but to send out "pre-settlement letters" to get people to pay up to avoid the lawsuits. Dunlap keeps insisting, despite similar efforts accusing perfectly innocent people of infringement and demanding payment, that its technology is reliable and credible. CCS Labs, a company that does work in the computer crime field, was curious about this and asked US Copyright Group for the right to review its methodology and technology.

Dave Gordon from CCS Labs contacted us to let us know that US Copyright Group has agreed to let it review its technology and methodologyif CCS Labs can show that it has been hired by someone who is being sued by it. So, CCS Labs is looking for anyone who was on the receiving end of a US Copyright Group lawsuit to contact them as soon as possible:

However, the CCS LABS, requires your help! If you have received a letter from the US Copyright Group please contact the CCS LABS and formally request them to represent you as your technology experts. They will need your case number of personal contact details which will not be made public. You will also have access to the full report produced by the CCS LABS, instead of a summary disclosure report.

Why might this be important? Beyond getting a look into what US Copyright Group is actually doing in determining who it accuses of infringement, CCS Labs could potentially determine that the technology is not reliable for courtroom use:

The technology supplied will be tested for "fitness" and can receive one of three classifications NOT CERTIFIED, eDiscovery Certified, or Forensics Certified. Only Forensics Certified software may be used to provide "expert evidence" in court. If the technology receives a NOT CERTIFIED classification then the technology is not fit for any intelligence gathering use.

I have no clue if the technology and methodology used by USCG is any good, but it would be nice to have some more details on it, and also getting it tested to determine whether or not it really can be used in court. Among the questions that CCS Labs intends to look at:

1) Is the file downloaded the file that is expected?
2) Are the IPs listed providing the chunks expected or false chunks?
3) Is every action logged?
4) Is a full report produced?
5) Are problems displayed and analysed by humans later?
6) What is the user documentation like?
7) Are the users of the technology fully trained on the technology?
8) Do we have access to the developers?
9) Is the technology's confidence level known?
10) Are the results produced by the Technology repeatable?
11) Has the technology been assessed by an external auditing authority already?
12) How automated is the system?
13) What level of redundancy checking is used?
14) If hashing used, which algorithm(s) is/are used?
and many more...

I'm guessing that US Copyright Group really isn't that keen on having all these questions answered.

Permalink | Comments | Email This Story
]]>an-investigation-would-be-usefulhttps://www.techdirt.com/comment_rss.php?sid=20100622/0037549910Tue, 25 May 2010 07:22:42 PDTSpeed Camera Company Admission May Mean Tickets Issued From 1997-2008 Weren't ValidMike Masnickhttps://www.techdirt.com/articles/20100524/0056329545.shtml
https://www.techdirt.com/articles/20100524/0056329545.shtmltaken a hit due to massive opposition to these cameras, leading it to lose a major contract in the state of Arizona, while having many of its camera programs declared illegal. But things may be getting even worse. Reader Pwdrskir points us to some news coming out of a lawsuit that Redflex is dealing with from competitor American Traffic Solutions (ATS). The details of that aren't all that interesting. However, as a part of that lawsuit, Redflex had to admit that its radar/speed cameras, despite claims to the contrary by Redflex were not certified by the FCC until 2008. That calls into question every ticket issued by those cameras from 1997 to 2008. And, as the article notes, it sounds like a lawsuit is already being planned in response to challenge the validity of those past tickets.

Permalink | Comments | Email This Story
]]>details,-detailshttps://www.techdirt.com/comment_rss.php?sid=20100524/0056329545Mon, 20 Apr 2009 10:01:53 PDTCongress Ponders Cybersecurity Power GrabTimothy Leehttps://www.techdirt.com/articles/20090403/1346154383.shtml
https://www.techdirt.com/articles/20090403/1346154383.shtmlattention paid last week to a new "cybersecurity" bill that would drastically expand the government's power over the Internet. The two provisions that have probably attracted the most attention are the parts that would allow the president to "declare a cybersecurity emergency" and then seize control of "any compromised Federal government or United States critical infrastructure information system or network." Perhaps even more troubling, the EFF notes a section that states that the government "shall have access to all relevant data concerning (critical infrastructure) networks without regard to any provision of law, regulation, rule, or policy restricting such access." Read literally, this language would seem to give the government the power to override the privacy protections in such laws as the Electronic Communications Privacy Act and the Foreign Intelligence Surveillance Act. Thankfully, Congress can't override the Fourth Amendment by statute, but this language poses a real threat to Fourth Amendment rights.

One clause that I haven't seen get the attention it deserves is the provision that would require a federal license, based on criteria determined by the Secretary of Commerce, to provide cybersecurity services to any federal agency or any "information system or network" the president chooses to designate as "critical infrastructure." It's hard to overstate how bad an idea this is. Cybersecurity is a complex and fast-moving field. There's no reason to think the Department of Commerce has any special expertise in certifying security professionals. Indeed, security experts tend to be a contrarian bunch, and it seems likely that some of the best cybersecurity professionals will refuse to participate. Therefore, it's a monumentally bad idea to ban the government from soliciting security advice from people who haven't jumped through the requisite government hoops. Even worse, the proposal leaves the definition of "critical infrastructure" to the president's discretion, potentially allowing him to designate virtually any privately-owned network or server as "critical infrastructure," thereby limiting the freedom of private firms to choose cybersecurity providers.

When thinking about cyber-security, it's important to keep in mind that an open network like the Internet is never going to be perfectly secure. Providers of genuinely critical infrastructure like power grids and financial networks should avoid connecting it to the Internet at all. Moreover, the most significant security threats on the Internet, including botnets and viruses, are already illegal under federal law. If Congress is going to pass cybersecurity legislation this session (and it probably shouldn't) it should focus on providing federal law enforcement officials with the resources to enforce the cyber-security laws we already have (and getting the government's own house in order), not give the government sweeping and totally unnecessary new powers that are likely to be abused.

Permalink | Comments | Email This Story
]]>no-cybersecurity-licenses-pleasehttps://www.techdirt.com/comment_rss.php?sid=20090403/1346154383Wed, 19 Mar 2008 16:54:00 PDTVerizon Wireless: Open In Name Only?Mike Masnickhttps://www.techdirt.com/articles/20080319/162702587.shtml
https://www.techdirt.com/articles/20080319/162702587.shtmlopening its network. This was a bit of a surprise, as Verizon Wireless has been among the most closed when it came to allowing anyone to do anything on its network. Of course, there were few details in the announcement. Now, the company has revealed a bit more about its "open" plans and they're incredibly underwhelming. In fact, you can almost pinpoint the problems based on the the key points Verizon Wireless chose to highlight.

First off, in order to get on the network you'll first have to get your device "certified" by Verizon Wireless. While the company insists that "the certification process won't be lengthy, costly or complicated," most people seem to think that it may be all three. It's going to take 4 to 8 weeks to get your device approved, and the expectation is that access will involve per-byte fees. It also means that if you want to use Verizon's new "open" network you have to spend all the time and effort to build a device, and then wait, hope and pray that Verizon "certifies it." Or, you can just ignore Verizon's network altogether and build a GSM-based device and pop in a SIM card and you're ready to go. So, Verizon's "open" network seems a lot more closed, annoying and expensive than the GSM networks that are more widely available.